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PRELIMINARY AMENDMENT 

Assistant Commissioner of Patents 
Washington, D.C. 20231 

Sir: 

Prior to initial examination, kindly amend the above-identified application as follows: 

IN THE SPECIFICATION ; 

Please amend the specification as follows: 

Page 1, before "Field of the Invention" insert the following paragraph: 

-This is a continuing application of Serial No. 09/129,879 filed on August 6, 1998.— 

IN THE CLAIMS: 



Please cancel claims 1-12 without prejudice or disclaimer. 



Please add the following claims 54-58: 

-54. A secure network having a plurality of host computers accessible to users and 
interconnected with a non-secure communication medium such as the Internet, the secure network 
comprising: 

a network security controller for enabling a security officer to generate at least one 
user profile for each user, each user profile defining at least one destination which the user is 
authorized to access; and, 

security devices connected with said host computers for receiving the user profiles 
generated at the network security controller, each security device associated with one host computer, 
each security device having an authorization device for authorizing users at the associated host 
computer, the security device permitting the authorized user, via the associated host computer, to 
select a user's profile associated with the user and for restricting access of the host computer to the 
at least one destination defined in the selected user's profile, and wherein each security device 
includes a communication control system to control access of the host computer to the 
communication medium, said communication control system including a data storage device for 
storing data provided by said host computer in a memory space, and for transferring data out of said 
memory space while making the transferred data inaccessible to said host computer. 

55. A security device for a multi-level secure network implementing security at a network 
layer (layer 3) of protocol hierarchy having a plurality of host computers accessible to users for 
communication over a computer network medium, said security device locatable between said host 
computer and the network medium, wherein said security device comprises a network interface for 
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connecting said security device to the network medium, and a port for connecting said security 
device to said host computer and further comprising a memory device connected with said port for 
storing data provided from said host computer in a memory space, and means for switching said data 
out of said memory space while making said switched data inaccessible to said host computer, thus 
controlling the pass-through of data between said host computer and the network medium. 

56. A security device for a multi-level secure network implementing security at anetwork 
layer (layer 3) of protocol hierarchy having a plurality of host computers accessible to users and 
connected to a computer network medium, said security device connectable between at least one host 
computer bus and the network medium, said security device comprising 
a local bus, a local RAM, and a local processor; 

a network interface for connecting said local bus to the computer network medium 
and including a network processing means for transferring information between said local RAM and 
said network medium; 

a communication separation means for connection between said local bus and said 
host bus and for preventing direct pass-through of information between said host bus and said local 
bus and for preventing direct access between said host bus and said local RAM, said communication 
separation means including a memory device for storing information provided over said host bus in 
a memory space, a first port interconnecting said host bus and said memory device, and a second port 
interconnecting said local bus and said memory device, said information transferrable from said 
memory space to said local bus while making the transferred information inaccessible to said host 
bus; 
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wherein said local processor processes information to be transferred between said host 
bus and said network medium in accordance with a predetermined security policy to determine 
whether communication between a host computer and the network medium is authorized, said local 
processor including means for accessing host bus information from said memory space and 
transferring said information to said local bus. 

57. The security device of claim 56 wherein said local processor processes said host bus 
information in accordance with said predetermined security policy, transfers the processed host bus 
information to said local RAM for access by said network processing means, accesses network 
medium information placed in said local RAM by said network processing means, processes said 
network medium information in accordance with said security policy, and transfers the processed 
network medium information to said communication separation means for access by said host bus. 

58. A security device for connecting a host computer from a host bus to a computer- 
accessible network, the security device comprising a local bus, a network interface for connecting 
said local bus to the computer-accessible network, and a communication separation and control 
system for connection between said local bus and said host bus, said communication separation and 
control system including a first port coupled to said host bus, a second port coupled to said local bus, 
and a signal storage device interconnecting said first and second ports, said signal storage device 
storing signals provided over said host bus in a host bus memory space and over said local bus in 
a local bus memory space, wherein said signals are transferable between said host bus memory space 
and said local bus memory space with said switched signals from said host bus memory space being 
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invisible to said host bus after being switched to said local bus memory space, said communication 
separation and control system preventing pass-through of signals between said host bus and said 
computer-accessible network without transitory storage in said signal storage device, and further 
comprising security device processing means for controlling the transfer of signals out of said local 
bus memory space of said signal storage device. — 
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REMARKS 

Amendment of the above-captioned application prior to examination on the merits is 
respectfully requested. By this Amendment, claims 1-12 have been canceled without prejudice or 
disclaimer and new claims 54-58 have been added. The specification has been amended to identify 
this application as a continuing application from Serial No. 09/129,879 filed on August 6, 1998, 
which application is presently allowable and the Issue Fee will be paid. 

Claims 13-53, and newly added claim 54 are directed to claims subject to a Restriction 
Requirement in the parent application. These claims relate to a network system and/or method . 
Claims 55-58 are claims directed to the security device, the subject of the parent application, but in 
a slightly different format. 

Should the Examiner have any questions after reviewing this Preliminary Amendment he is 
cordially invited to telephone the undersigned attorneys. 

Respectfully submitted, 
JACOBSON HOLMAN PLLC 



400 Seventh Street, N. W. 
Washington, D.C. 20004 
Telephone: (202) 638-6666 
Atty. Docket No.: P62141US1 
Date: August 22, 2001 
MRSxwp 




Michael R. Slobasky 
Reg. No. 26,421 
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LETTER TO THE OFFICIAL DRAFTSPERSON 



Assistant Commissioner of Patents 
Washington, D.C. 20231 

Sir: 

Submitted herewith are 14 sheets of formal drawings. Please substitute these drawings for 
the original drawings attached to the original specification. 



Respectfully submitted, 
JACOBSON HOLMAN PLLC 



400 Seventh Street, N. W. 
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Telephone: (202) 638-6666 
Atty. Docket No.: P62141US1 
Date: August 22, 2001 
MRSxwp 

R:\CMOORE\MRS\Cryptek\P62l41Ul LOD 




